Bitcoin Forum
Author Topic: Anubis: A fork malware which targets crypto currency wallets  (Read 302 times)
cryptomaniac_xxx
September 02, 2020, 08:10:37 AM
Merited by vapourminer (2), Baofeng (2), DdmrDdmr (2), notblox1 (2), Lucius (1), tranthidung (1), so98nn (1), jademaxsuy (1), CryptoYar (1)
 #1

According to Microsoft Security Intelligence, there is a new fork malware from Loki, which targets crypto currency wallets. It seems that cyber criminals are also forking code to suit their needs (no pun intended).



https://twitter.com/MsftSecIntel/status/1298752223321546754

I also checked on any.run whether someone had already run a scan on
Code:
Anubis Stealer.exe



Here is the full report: https://any.run/report/895b3b6890d192de8bc3744ce0757edb909351081744403663a9c3b04e409125/2e03f091-19a3-4d98-ba5c-0623b704a525#screenshots

Again, we should always have good security practices:

1. never click on any suspicious links, especially shortened URLs
2. update our OS
3. train our eyes, educate ourselves, stay vigilant
4. back up our data regularly

Charles-Tim
September 02, 2020, 08:30:40 AM
 #2

Quote
1. never click on any suspicious links, especially shortened URLs
2. update our OS
3. train our eyes, educate ourselves, stay vigilant
4. back up our data regularly
You are absolutely right, there are new forms of malware as time passes, but the preventive measures are still the same. If we can use the same old preventive measures, then we will be good. But many people do not know about this; all they know is to visit social media and click on any link they wish to. People also like free giveaways, and the link to the giveaway can contain malware links. Also, some people like scam businesses like cloud mining, and the site for the cloud mining can also contain malware. How about airdrops that steal information from someone? From there a link can be sent to someone's email in a phishing attack, and the link in the email can contain malware.

Although people are social and they have to go online, they have to be careful while clicking on links. That is why I have my wallet devices, on which I also have my exchange accounts and bank account apps separately; I do not use them to connect online at all, but only for such sensitive purposes.

DdmrDdmr
September 02, 2020, 10:02:23 AM
 #3

Anubis rang a bell, and I thought this was old news from at least 2018/2019, when a banking targeting malware was on the loose.

It turns out that this Anubis is not the same (whoever baptised it could have avoided the name collision in order to make it less confusing) as that Anubis:
Quote
Importantly, this malware is distinct from a family of Android banking malware also called Anubis.  It joins a growing list of malwares that look for vulnerable cryptocurrency stashes. 
Unfortunately, Microsoft seems to have omitted providing the details yet with concrete examples and measure of current impact, although a partner director of security research at Microsoft stated that "it is downloaded from certain websites", which is not much to go by (except for the always be extremely wary of what and from where you download).

See: https://www.coindesk.com/malware-anubis-cryptocurrency-wallets

lovesmayfamilis
September 02, 2020, 10:07:11 AM
 #4

Swindlers in the cryptocurrency space have become a constant phenomenon. Thus, they will constantly look for ways to hack wallets. There are thousands of instructions on the forum that warn users to use their assets carefully. But despite this, there are still those who lose their money.
Knowing the basics of safe Internet use has become the number one rule. But knowledge alone does not always help. Constant monitoring of news related to cryptocurrency protection will prevent many from accidental losses.
You should always blame only yourself, for your carelessness, and draw conclusions for the future so as not to repeat such mistakes.

jademaxsuy
September 02, 2020, 10:32:26 AM
 #5

Nowadays, users with average computer knowledge but a love for cryptocurrency might become victims of these swindlers. We also cannot force users not to join cryptocurrency if they have only a little knowledge, even if they are having a hard time learning the basics of cryptocurrency. However, we could still help them out with posts like the one OP made. Starting a thread regarding the new trends in phishing or scamming would be a better way to educate people about cryptocurrency. This could also help bring down the number of people getting scammed over time. All users must be vigilant about this and share.
tranthidung
September 02, 2020, 10:51:48 AM
 #6

Quote
Again, we should always have good security practices:

1. never click on any suspicious links, especially shortened URLs
2. update our OS
3. train our eyes, educate ourselves, stay vigilant
4. back up our data regularly
Good but not enough, so please give me a chance to support your advice with this point:

  • Allocate part of your capital to buy Internet security or antivirus software to protect your devices.

Your suggested solutions are the first layer of prevention and protection; the second one is mine. "Prevention and protection are better than cure." Crypto transactions are irreversible, so the statement makes more sense.

yazher
September 02, 2020, 12:11:39 PM
 #7

Quote
Again, we should always have good security practices:

1. never click on any suspicious links, especially shortened URLs
2. update our OS
3. train our eyes, educate ourselves, stay vigilant
4. back up our data regularly
Good but not enough, so please give me a chance to support your advice with this point:

  • Allocate part of your capital to buy Internet security or antivirus software to protect your devices.

Your suggested solutions are the first layer of prevention and protection; the second one is mine. "Prevention and protection are better than cure." Crypto transactions are irreversible, so the statement makes more sense.

So which Internet security or antivirus software do you recommend for us? Or can anyone who knows these programs well tell us here what kind of antivirus would be enough to detect this new malware? There are tons of them on the market; I just want to know more before saving some money to buy one.

tranthidung
September 02, 2020, 12:27:48 PM
 #8

Quote
So which Internet security or antivirus software do you recommend for us? Or can anyone who knows these programs well tell us here what kind of antivirus would be enough to detect this new malware? There are tons of them on the market; I just want to know more before saving some money to buy one.
I use Kaspersky Internet Security, but as has been said, any AV or Internet security software can only give you a second layer of protection/prevention. Companies need time to update their databases, so if you have a bad web surfing style, you put your devices and your accounts, identities and funds at risk.

There are some free ones, but I don't recommend anyone use a free one if you are seriously investing in crypto.

I prepare Kaspersky for my devices, but on the one I use to trade daily I don't store my wallets, seeds or keys. Using strong passwords and activating 2FA (I don't use the phone I installed my 2FAs on to trade; it is mostly offline) are other things.

CryptocurencyKing
September 02, 2020, 12:29:39 PM
 #9

These pop-ups are always very tempting, especially for people that subscribe to just too many platforms, and the thing about technology is coding. Where there are series of security procedures, there are also codes to bypass them if need be.
No wonder these sections are being exploited by a lot of persons for a lot of reasons. These codes are planted in the variety of pop-ups or mails one receives, and upon clicking, it's like an entry permit for the malware to operate. You've just got to learn to avoid them and also not to input your details or activate notifications to the extent that you get confused. It raises your vulnerability.

Baofeng
September 02, 2020, 11:59:47 PM
 #10

Quote
Anubis rang a bell, and I thought this was old news from at least 2018/2019, when a banking targeting malware was on the loose.

It does ring a bell, {Warning}: Cerberus Android Malware Can Bypass 2FA, Unlock Devices Remotely.

If we are going by the flow, it was supposedly a fork of Loki, so back tracking, the mode of attack is:


So I will assume that the 3rd attack vector is what Microsoft Engineers have seen in the wild.

JakobFugger
September 03, 2020, 01:14:50 AM
 #11

Funny that they announce they saw it first being sold in the DarkNet markets. That is, they probably bought it. Would that be a crime? I don't know what the legislation is for this type of event, but I found it curious.

Now, what I didn't understand is about the wallets. It is a virus that steals data. Does it steal the data to access a wallet? Could they send the .file too? I think it is more likely it will steal pass and user from exchanges.

BTW, Anubis is the Greek god who guided the dead in the underworld.
TravelMug
September 03, 2020, 09:26:48 AM
 #12

Quote
Funny that they announce they saw it first being sold in the DarkNet markets. That is, they probably bought it. Would that be a crime? I don't know what the legislation is for this type of event, but I found it curious.

Perhaps those cyber threat investigators are also frequenting the DarkNet markets to see what's going on, especially regarding malware/viruses/data breaches being sold. And then they go one step further to investigate or, yeah, maybe acquire the virus itself to understand how it really works.

Quote
Now, what I didn't understand is about the wallets. It is a virus that steals data. Does it steal the data to access a wallet? Could they send the .file too? I think it is more likely it will steal pass and user from exchanges.

If you look at its predecessors, one method to spread is if you download a malicious installer, which then downloads a payload. Then it has total control of your PC. So if it has total control of your PC, it can do everything without you noticing it, including establishing persistence and watching your passwords and your crypto wallets.

Lucius
September 03, 2020, 11:07:02 AM
 #13

Quote
I use Kaspersky Internet Security, but as has been said, any AV or Internet security software can only give you a second layer of protection/prevention. Companies need time to update their databases, so if you have a bad web surfing style, you put your devices and your accounts, identities and funds at risk.

I think AV companies act very fast when it comes to refreshing their definition databases; it's not something that happens once a week or a month like an update for Windows OS. Of course there is also heuristic analysis that can detect the virus even if it is not in the database, and that component is very important.

It is crucial that this virus, like most others, spreads in the usual ways - so you only need to turn on the brain when using the Internet, because any infection of the device is the result of irresponsible behavior. Although I use a hardware wallet, the computer I use for crypto is under special usage measures, which means there is no torrent, no suspicious pages and everything has to be up to date. For everything else I use another device, and I think these are the minimum safety precautions that everyone should apply.

anonimogmr
September 03, 2020, 01:29:22 PM
 #14

Honestly anyone dealing with cryptocurrencies by now should already be using Linux or at least give it a try. Windows is constantly being attacked and antivirus or anti-malware programs are definitely not the solution as they can also be attacked and give a false sense of security. For starters, give Linux Mint a try.
NotFuzzyWarm
September 03, 2020, 02:07:41 PM
 #15

@JakobFugger,
Quote
BTW, Anubis is the Greek god who guided the dead in the underworld.
Actually he was the Egyptian god of mummification and the afterlife as well as the patron god of lost souls and the helpless. He is one of the oldest gods of Egypt, who most likely developed from the earlier (and much older) jackal god Wepwawet with whom he is often confused.
Just clearing that up...

As for the malware, not surprised at all. As others have said, be very careful when surfing the 'net and, along with a good AV, always use a JavaScript blocker such as NoScript.

Captain-Cryptory
September 07, 2020, 11:08:37 AM
Last edit: September 07, 2020, 01:41:22 PM by Captain-Cryptory
 #16

Quote
According to Microsoft Security Intelligence, there is a new fork malware from Loki, which targets crypto currency wallets. It seems that cyber criminals are also forking code to suit their needs (no pun intended).

Thanks for the heads-up. According to the AnyRun report, it seems to communicate with 208.95.112.1:80, so I have blocked both inbound and outbound connections to that IP. "Better safe than sorry." BTW, I have noticed that Anubis does a lot of work in the C:\Users\admin\AppData\Local\Temp\ folder. A good way to block this is to use the advanced features of OSArmor from NoVirusThanks. The latter has the potential to block the activity of various malware by activating dozens of security rules.

jademaxsuy
September 07, 2020, 11:32:50 AM
 #17

We should all be aware of the things that happen on the internet to keep us from being a target of phishing or hacking, especially when it involves cryptocurrency funds. This is clearly the work of hackers, and no one is going to like losing the crypto funds in a wallet we thought was trusted.

I have come across another thread about the installation of a certain application that looks like malware that can access important details of the computer or device where the application is installed. I have to be cautious any time I install or click links that are fake.

Since there are indicators of fake links and sites already, I can avoid them somehow. Probably a good attitude in browsing the net is to bookmark sites that are always visited, or to check a link first to see if it is legit.
cryptomaniac_xxx
September 08, 2020, 08:42:34 AM
 #18

Quote
Honestly anyone dealing with cryptocurrencies by now should already be using Linux or at least give it a try. Windows is constantly being attacked and antivirus or anti-malware programs are definitely not the solution as they can also be attacked and give a false sense of security. For starters, give Linux Mint a try.
I understand, but not everyone who deals in crypto is technically inclined; heck, some even have problems creating their own wallet and knowing how to store and protect their private keys. I also have Linux Mint installed on my other machines, and I enjoyed working on it. But sometimes I still need some G based applications.

NotATether
September 09, 2020, 08:56:29 PM
Merited by Lucius (1)
 #19

This strain of malware already existed before, since a couple of years ago. Malpedia has a dump of whitepapers about it and Mitre nicely lists the attacks it can make. Microsoft only made a tweet about Anubis but I don't see any new whitepapers written about it, or new information about Anubis on the news. So I don't think there is a new strain of Anubis in the wild, I think we are just talking about the same old version.

Also, it doesn't only target cryptocurrency wallets, it grabs anything with financial value, so that means passwords, credit cards, and just about anything else you'd expect malware to steal. So while I don't think it's safe to copy private keys or seed phrases on such systems, if you obfuscate and scramble your keys before storing them on such infected systems (it could be as simple as encoding it in hexadecimal or base64) then I believe the command-and-control operators running Anubis will be confused and not know what this data represents, and may treat it like junk data.

Quote
Anubis rang a bell, and I thought this was old news from at least 2018/2019, when a banking targeting malware was on the loose.

It does ring a bell, {Warning}: Cerberus Android Malware Can Bypass 2FA, Unlock Devices Remotely.

If we are going by the flow, it was supposedly a fork of Loki, so back tracking, the mode of attack is:


So I will assume that the 3rd attack vector is what Microsoft Engineers have seen in the wild.

No, Cerberus is not the same malware as Anubis; they have different codebases. And LokiBot is also a different malware from those two. They are developed independently of each other, and when you analyze these three viruses you should treat them as three separate threats, as they don't share features unless one dev explicitly copies features from another one, and they may not even be open source, making what I said impossible for them to do.

So it's not like there's this combined banking trojan threat that's out to get us all, which is what the media is making it out as. Like I said earlier, news articles don't give out specific details about how malware works.

I also think it is dangerous for the Anubis writers to replay the hacking strategies that LokiBot used, because their methods are already well documented by researchers, like the Trend Micro articles you linked to, so it makes it easier for some enterprise to detect an attempted hack and sanitize their computer systems.



There is an easy killswitch for Anubis, just turn off your phone's gyroscope because it monitors it to see if the phone moves. This is the same killswitch in Cerberus by the way, I think I wrote about that one here before. It's a common test malware authors put in to make sure the malware does not run in security researchers' emulated and hand-crafted Android sandboxes so they can't inspect it for properties and patterns.

So that means if you have an old dumb-phone running Android but it has no gyroscope in it, then you cannot be infected by any of these "modern" trojans, because they will stop themselves automatically and clean up their traces from your device!

A lot of malware and vulnerabilities can be mitigated by disabling specific programs on your computer. Do any of you know about PowerShell? It is a scripting language that's bundled with Windows. Nobody except for developers uses it, and it is also widely used by malware to download themselves onto your computer. You can't turn it off, but you can virtually incapacitate its ability to run scripts by running this in an Administrator PowerShell:

Code:
Set-ExecutionPolicy -ExecutionPolicy AllSigned

And to enable it to run scripts again you run:

Code:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned

This prevents Powershell from running scripts unless they are signed by a centralized certificate issuer, and there's no way a malware author can convince one of them to sign their malware-installing script.

And to stop the vast majority of malware from being able to run their payloads in a Word document, you should disable VBScript*, another Windows scripting language that is both ancient and obsolete (and can run on Windows even if no programs are installed). Word documents can run VBScript when you interact with them but this can be abused easily. I am disappointed that it is still enabled by default. There is no effort to patch VBScript security holes because it is considered legacy software. VBScript is not used in newer software, partly because there is no documentation about VBscript, and even MS wants you to stop using it.

Here are the registry keys you need to add to completely turn it off (Warning: this might make some programs that have parts of code written a long time ago in VBscript, such as Office, stop working. If that happens, just delete the keys if you created them, or change the values from 0 to 1.)

Here are the steps to be taken to disable the Windows Script Host (WSH) functionality for the current user (step 2-3) and / or for all users (steps 4-5):

    1. Press the WINDOWS + R keys, then type regedit to open the system registry in edit mode.
    2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings\
    3. Create (if it doesn't exist already) a new REG_DWORD key, call it Enabled and assign a value of 0 (zero) to it.
    4. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Script Host\Settings\
    5. Create (if it doesn't exist already) a new REG_DWORD key, call it Enabled and assign a value of 0 (zero) to it.

*To put in perspective just how much malware stops working without this, bear in mind that this is the language script kiddies write all of their malware in. So that means it is easy for even them to write malware using VBscript.

Without any scripting systems to run on, it becomes much harder for people to run phishing attacks to download and run arbitrary stuff.


Quote
1. never click on any suspicious links, especially shortened URLs

This advice is not effective because hackers nowadays put their malware in innocent looking URLs that they send you in email messages along with some normal-looking headline. So it's easy for us to fall bait to it.
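Scripted form of the two hardening steps described in the post above (the AllSigned execution policy and the Windows Script Host `Enabled` registry value for the current user and for all users), with an audit function so the state can be checked before and after. This is an added example, not code from the original post; it assumes Windows 10/11 with PowerShell 5.1 or later and an elevated session for the HKLM and LocalMachine parts.

```powershell
# Added example (not from the thread): audit and apply the WSH and execution
# policy hardening steps from the post above. Run in an elevated PowerShell.
# Assumptions: Windows 10/11, PowerShell 5.1+, Administrator rights for the
# HKLM write and the LocalMachine execution policy scope.

$WshPaths = @(
    'HKCU:\Software\Microsoft\Windows Script Host\Settings',   # current user (steps 2-3)
    'HKLM:\Software\Microsoft\Windows Script Host\Settings'    # all users    (steps 4-5)
)

function Get-WshStatus {
    # Report whether Windows Script Host is enabled at each scope.
    # A missing 'Enabled' value means WSH is enabled, which is the Windows default.
    foreach ($path in $WshPaths) {
        $value = $null
        if (Test-Path $path) {
            $value = (Get-ItemProperty -Path $path -Name Enabled -ErrorAction SilentlyContinue).Enabled
        }
        [pscustomobject]@{
            Scope   = if ($path -like 'HKCU:*') { 'CurrentUser' } else { 'AllUsers' }
            Path    = $path
            Enabled = if ($null -eq $value) { 'not set (enabled)' } else { $value }
        }
    }
}

function Disable-WindowsScriptHost {
    # Create the Settings key if it is missing and set Enabled = 0 (REG_DWORD).
    # -Force on New-ItemProperty overwrites an existing value instead of failing.
    foreach ($path in $WshPaths) {
        if (-not (Test-Path $path)) {
            New-Item -Path $path -Force | Out-Null
        }
        New-ItemProperty -Path $path -Name Enabled -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

function Enable-WindowsScriptHost {
    # Undo, as the post suggests: delete the value (or set it to 1) if a
    # legacy application stops working.
    foreach ($path in $WshPaths) {
        if (Test-Path $path) {
            Remove-ItemProperty -Path $path -Name Enabled -ErrorAction SilentlyContinue
        }
    }
}

function Set-HardenedExecutionPolicy {
    # Machine-wide AllSigned, the setting from the post. Microsoft documents the
    # execution policy as a safety feature against accidental script execution,
    # not as a security boundary, so treat this as one layer among several.
    Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine -Force
}

# --- apply and show the result ---
Write-Host 'WSH state before:'
Get-WshStatus | Format-Table -AutoSize

Disable-WindowsScriptHost
Set-HardenedExecutionPolicy

Write-Host 'WSH state after:'
Get-WshStatus | Format-Table -AutoSize

# Per-scope listing, so a Group Policy or CurrentUser setting that overrides
# LocalMachine is visible as well.
Get-ExecutionPolicy -List | Format-Table -AutoSize
```

To revert, call `Enable-WindowsScriptHost` and run the RemoteSigned command from the post.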
